Over a Dozen Malicious npm Packages Target Roblox Game Developers

More than a dozen malicious packages have been discovered on the npm package repository since the start of August 2023 with capabilities to deploy an open-source information stealer called Luna Token Grabber on systems belonging to Roblox developers. The ongoing campaign, first detected on August 1 by ReversingLabs, employs modules that masquerade as the legitimate package noblox.js, an API

CISOs Tout SaaS Cybersecurity Confidence, But 79% Admit to SaaS Incidents, New Report Finds

A new State of SaaS Security Posture Management Report from SaaS cybersecurity provider AppOmni indicates that Cybersecurity, IT, and business leaders alike recognize SaaS cybersecurity as an increasingly important part of the cyber threat landscape. And at first glance, respondents appear generally optimistic about their SaaS cybersecurity. Over 600 IT, cybersecurity, and business leaders at

Carderbee Attacks: Hong Kong Organizations Targeted via Malicious Software Updates

A previously undocumented threat cluster has been linked to a software supply chain attack targeting organizations primarily located in Hong Kong and other regions in Asia. The Symantec Threat Hunter Team, part of Broadcom, is tracking the activity under its insect-themed moniker Carderbee. The attacks, per the cybersecurity firm, leverage a trojanized version of a legitimate software called

New Variant of XLoader macOS Malware Disguised as 'OfficeNote' Productivity App

A new variant of an Apple macOS malware called XLoader has surfaced in the wild, masquerading its malicious features under the guise of an office productivity app called "OfficeNote." "The new version of XLoader is bundled inside a standard Apple disk image with the name OfficeNote.dmg," SentinelOne security researchers Dinesh Devadoss and Phil Stokes said in a Monday analysis. "The application

Ivanti Warns of Critical Zero-Day Flaw Being Actively Exploited in Sentry Software

Software services provider Ivanti is warning of a new critical zero-day flaw impacting Ivanti Sentry (formerly MobileIron Sentry) that it said is being actively exploited in the wild, marking an escalation of its security woes. Tracked as CVE-2023-38035 (CVSS score: 9.8), the issue has been described as a case of authentication bypass impacting versions 9.18 and prior due to what it called an

Critical Adobe ColdFusion Flaw Added to CISA's Exploited Vulnerability Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, cataloged as CVE-2023-26359 (CVSS score: 9.8), relates to a deserialization flaw present in Adobe ColdFusion 2018 (Update 15 and earlier) and ColdFusion 2021 (

New WinRAR Vulnerability Could Allow Hackers to Take Control of Your PC

A high-severity security flaw has been disclosed in the WinRAR utility that could be potentially exploited by a threat actor to achieve remote code execution on Windows systems. Tracked as CVE-2023-40477 (CVSS score: 7.8), the vulnerability has been described as a case of improper validation while processing recovery volumes. "The issue results from the lack of proper validation of user-supplied

How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes

From a user’s perspective, OAuth works like magic. In just a few keystrokes, you can whisk through the account creation process and gain immediate access to whatever new app or integration you’re seeking. Unfortunately, few users understand the implications of the permissions they allow when they create a new OAuth grant, making it easy for malicious actors to manipulate employees into giving

This Malware Turned Thousands of Hacked Windows and macOS PCs into Proxy Servers

Threat actors are leveraging access to malware-infected Windows and macOS machines to deliver a proxy server application and use them as exit nodes to reroute proxy requests. According to AT&T Alien Labs, the unnamed company that offers the proxy service operates more than 400,000 proxy exit nodes, although it's not immediately clear how many of them were co-opted by malware installed on

HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack

The threat actors behind the HiatusRAT malware have returned from their hiatus with a new wave of reconnaissance and targeting activity aimed at Taiwan-based organizations and a U.S. military procurement system. Besides recompiling malware samples for different architectures, the artifacts are said to have been hosted on new virtual private servers (VPSs), Lumen Black Lotus Labs said in a report

WoofLocker Toolkit Hides Malicious Codes in Images to Run Tech Support Scams

Cybersecurity researchers have detailed an updated version of an advanced fingerprinting and redirection toolkit called WoofLocker that's engineered to conduct tech support scams. The sophisticated traffic redirection scheme was first documented by Malwarebytes in January 2020, leveraging JavaScript embedded in compromised websites to perform anti-bot and web traffic filtering checks to serve

New Juniper Junos OS Flaws Expose Devices to Remote Attacks - Patch Now

Networking hardware company Juniper Networks has released an "out-of-cycle" security update to address multiple flaws in the J-Web component of Junos OS that could be combined to achieve remote code execution on susceptible installations. The four vulnerabilities have a cumulative CVSS rating of 9.8, making them Critical in severity. They affect all versions of Junos OS on SRX and EX Series. "By

Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection

Threat actors are using Android Package (APK) files with unknown or unsupported compression methods to elude malware analysis. That's according to findings from Zimperium, which found 3,300 artifacts leveraging such compression algorithms in the wild. 71 of the identified samples can be loaded on the operating system without any problems. There is no evidence that the apps were available on the

14 Suspected Cybercriminals Arrested Across Africa in Coordinated Crackdown

A coordinated law enforcement operation across 25 African countries has led to the arrest of 14 suspected cybercriminals, INTERPOL announced Friday. The exercise, conducted in partnership with AFRIPOL, enabled investigators to identify 20,674 cyber networks that were linked to financial losses of more than $40 million. "The four-month Africa Cyber Surge II operation was launched in April 2023

The Vulnerability of Zero Trust: Lessons from the Storm 0558 Hack

While IT security managers in companies and public administrations rely on the concept of Zero Trust, APTS (Advanced Persistent Threats) are putting its practical effectiveness to the test. Analysts, on the other hand, understand that Zero Trust can only be achieved with comprehensive insight into one's own network.  Just recently, an attack believed to be perpetrated by the Chinese hacker group

New Wave of Attack Campaign Targeting Zimbra Email Users for Credential Theft

A new "mass-spreading" social engineering campaign is targeting users of the Zimbra Collaboration email server with an aim to collect their login credentials for use in follow-on operations. The activity, active since April 2023 and still ongoing, targets a wide range of small and medium businesses and governmental entities, most of which are located in Poland, Ecuador, Mexico, Italy, and Russia

New BlackCat Ransomware Variant Adopts Advanced Impacket and RemCom Tools

Microsoft on Thursday disclosed that it found a new version of the BlackCat ransomware (aka ALPHV and Noberus) that embeds tools like Impacket and RemCom to facilitate lateral movement and remote code execution. "The Impacket tool has credential dumping and remote service execution modules that could be used for broad deployment of the BlackCat ransomware in target environments," the company's

Google Chrome's New Feature Alerts Users About Auto-Removal of Malicious Extensions

Google has announced plans to add a new feature in the upcoming version of its Chrome web browser to proactively alert users when an extension they have installed has been removed from the Chrome Web Store. The feature, set for release alongside Chrome 117, allows users to be notified when an add-on has been unpublished by a developer, taken down for violating Chrome Web Store policy, or marked

NoFilter Attack: Sneaky Privilege Escalation Method Bypasses Windows Security

A previously undetected attack method called NoFilter has been found to abuse the Windows Filtering Platform (WFP) to achieve privilege escalation in the Windows operating system. "If an attacker has the ability to execute code with admin privilege and the target is to perform LSASS Shtinkering, these privileges are not enough," Ron Ben Yizhak, a security researcher at Deep Instinct, told The

China-Linked Bronze Starlight Group Targeting Gambling Sector with Cobalt Strike Beacons

An ongoing cyber attack campaign originating from China is targeting the Southeast Asian gambling sector to deploy Cobalt Strike beacons on compromised systems.  Cybersecurity firm SentinelOne said the tactics, techniques, and procedures point to the involvement of a threat actor tracked as Bronze Starlight (aka Emperor Dragonfly or Storm-0401), which has been linked to the use of short-lived 

New LABRAT Campaign Exploits GitLab Flaw for Cryptojacking and Proxyjacking Activities

A new, financially motivated operation dubbed LABRAT has been observed weaponizing a now-patched critical flaw in GitLab as part of a cryptojacking and proxyjacking campaign. "The attacker utilized undetected signature-based tools, sophisticated and stealthy cross-platform malware, command-and-control (C2) tools which bypassed firewalls, and kernel-based rootkits to hide their presence," Sysdig 

New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode

Cybersecurity researchers have documented a novel post-exploit persistence technique on iOS 16 that could be abused to fly under the radar and maintain access to an Apple device even when the victim believes it is offline. The method "tricks the victim into thinking their device's Airplane Mode works when in reality the attacker (following successful device exploit) has planted an artificial

Why You Need Continuous Network Monitoring?

Changes in the way we work have had significant implications for cybersecurity, not least in network monitoring. Workers no longer sit safely side-by-side on a corporate network, dev teams constantly spin up and tear down systems, exposing services to the internet. Keeping track of these users, changes and services is difficult – internet-facing attack surfaces rarely stay the same for long. But

Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks

An ongoing campaign targeting ministries of foreign affairs of NATO-aligned countries points to the involvement of Russian threat actors. The phishing attacks feature PDF documents with diplomatic lures, some of which are disguised as coming from Germany, to deliver a variant of a malware called Duke, which has been attributed to APT29 (aka BlueBravo, Cloaked Ursa, Cozy Bear, Iron Hemlock,

CISA Adds Citrix ShareFile Flaw to KEV Catalog Due to In-the-Wild Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Citrix ShareFile storage zones controller to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active in-the-wild exploitation. Tracked as CVE-2023-24489 (CVSS score: 9.8), the shortcoming has been described as an improper access control bug that, if successfully exploited

What's the State of Credential theft in 2023?

At a little overt halfway through 2023, credential theft is still a major thorn in the side of IT teams. The heart of the problem is the value of data to cybercriminals and the evolution of the techniques they use to get hold of it. The 2023 Verizon Data Breach Investigations Report (DBIR) revealed that 83% of breaches involved external actors, with almost all attacks being financially motivated

Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks

Active flaws in the PowerShell Gallery could be weaponized by threat actors to pull off supply chain attacks against the registry's users. "These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package," Aqua security researchers Mor Weinberger, Yakir Kadkoda, and Ilay Goldman said in a report shared

Guide: How Google Workspace-based Organizations can leverage Chrome to improve Security

More and more organizations are choosing Google Workspace as their default employee toolset of choice. But despite the productivity advantages, this organizational action also incurs a new security debt. Security teams now have to find a way to adjust their security architecture to this new cloud workload. Some teams may rely on their existing network security solutions. According to a new guide

Google Introduces First Quantum Resilient FIDO2 Security Key Implementation

Google on Tuesday announced the first quantum resilient FIDO2 security key implementation as part of its OpenSK security keys initiative. "This open-source hardware optimized implementation uses a novel ECC/Dilithium hybrid signature schema that benefits from the security of ECC against standard attacks and Dilithium's resilience against quantum attacks," Elie Bursztein and Fabian Kaczmarczyck 

Critical Security Flaws Affect Ivanti Avalanche, Threatening 30,000 Organizations

Multiple critical security flaws have been reported in Ivanti Avalanche, an enterprise mobile device management solution that’s used by 30,000 organizations. The vulnerabilities, collectively tracked as CVE-2023-32560 (CVSS score: 9.8), are stack-based buffer overflows in Ivanti Avalanche WLAvanacheServer.exe v6.4.0.0. Cybersecurity company Tenable said the shortcomings are the result of buffer

Nearly 2,000 Citrix NetScaler Instances Hacked via Critical Vulnerability

Nearly 2,000 Citrix NetScaler instances have been compromised with a backdoor by weaponizing a recently disclosed critical security vulnerability as part of a large-scale attack. "An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing web shells on vulnerable NetScalers to gain persistent access," NCC Group said in an advisory released Tuesday. "The adversary can

Cybercriminals Abusing Cloudflare R2 for Hosting Phishing Pages, Experts Warn

Threat actors' use of Cloudflare R2 to host phishing pages has witnessed a 61-fold increase over the past six months. "The majority of the phishing campaigns target Microsoft login credentials, although there are some pages targeting Adobe, Dropbox, and other cloud apps," Netskope security researcher Jan Michael said. Cloudflare R2, analogous to Amazon Web Service S3, Google Cloud Storage, and

Catching the Catphish: Join the Expert Webinar on Combating Credential Phishing

Is your organization constantly under threat from credential phishing? Even with comprehensive security awareness training, many employees still fall victim to credential phishing scams. The result? Cybercriminals gaining immediate and unhindered access to sensitive data, email accounts, and other applications. But what if you could outsmart these criminals and protect your organization? Join 

Multiple Flaws Found in ScrutisWeb Software Exposes ATMs to Remote Hacking

Four security vulnerabilities in the ScrutisWeb ATM fleet monitoring software made by Iagona could be exploited to remotely break into ATMs, upload arbitrary files, and even reboot the terminals. The shortcomings were discovered by the Synack Red Team (SRT) following a client engagement. The issues have been addressed in ScrutisWeb version 2.1.38. "Successful exploitation of these

Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics

The threat actors behind the Monti ransomware have resurfaced after a two-month break with a new Linux version of the encryptor in its attacks targeting government and legal sectors. Monti emerged in June 2022, weeks after the Conti ransomware group shut down its operations, deliberately imitating the tactics and tools associated with the latter, including its leaked source code. Not anymore.

Malware Unleashed: Public Sector Hit in Sudden Surge, Reveals New Report

The just-released BlackBerry Global Threat Intelligence Report reveals a 40% increase in cyberattacks against government and public service organizations versus the previous quarter. This includes public transit, utilities, schools, and other government services we rely on daily. With limited resources and often immature cyber defense programs, these publicly funded organizations are struggling

Gigabud RAT Android Banking Malware Targets Institutions Across Countries

Account holders of over numerous financial institutions in Thailand, Indonesia, Vietnam, the Philippines, and Peru are being targeted by an Android banking malware called Gigabud RAT. "One of Gigabud RAT's unique features is that it doesn't execute any malicious actions until the user is authorized into the malicious application by a fraudster, [...] which makes it harder to detect," Group-IB

Over 120,000 Computers Compromised by Info Stealers Linked to Users of Cybercrime Forums

A "staggering" 120,000 computers infected by stealer malware have credentials associated with cybercrime forums, many of them belonging to malicious actors. The findings come from Hudson Rock, which analyzed data collected from computers compromised between 2018 to 2023. "Hackers around the world infect computers opportunistically by promoting results for fake software or through YouTube

North Korean Hackers Suspected in New Wave of Malicious npm Packages

The npm package registry has emerged as the target of yet another highly targeted attack campaign that aims to entice developers into downloading malevolent modules. Software supply chain security firm Phylum told The Hacker News the activity exhibits similar behaviors to that of a previous attack wave uncovered in June, which has since been linked to North Korean threat actors. As many as nine

QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord

A new remote access trojan (RAT) called QwixxRAT is being advertised for sale by its threat actor through Telegram and Discord platforms. "Once installed on the victim's Windows platform machines, the RAT stealthily collects sensitive data, which is then sent to the attacker's Telegram bot, providing them with unauthorized access to the victim's sensitive information," Uptycs said in a new

Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability

E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023. The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw (CVE-2022-24086, CVSS score: 9.8) in Adobe Commerce and Magento Open Source that, if successfully exploited, could lead to arbitrary code execution. "The attacker seems to be

Identity Threat Detection and Response: Rips in Your Identity Fabric

Why SaaS Security Is a Challenge In today's digital landscape, organizations are increasingly relying on Software-as-a-Service (SaaS) applications to drive their operations. However, this widespread adoption has also opened the doors to new security risks and vulnerabilities. The SaaS security attack surface continues to widen. It started with managing misconfigurations and now requires a

Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks

Germany's Federal Office for the Protection of the Constitution (BfV) has warned of cyber attacks targeting Iranian persons and organizations in the country since the end of 2022. "The cyber attacks were mainly directed against dissident organizations and individuals – such as lawyers, journalists, or human rights activists – inside and outside Iran," the agency said in an advisory. The

New Financial Malware 'JanelaRAT' Targets Latin American Users

Users in Latin America (LATAM) are the target of a financial malware called JanelaRAT that's capable of capturing sensitive information from compromised Microsoft Windows systems. "JanelaRAT mainly targets financial and cryptocurrency data from LATAM bank and financial institutions," Zscaler ThreatLabz researchers Gaetano Pellegrino and Sudeep Singh said, adding it "abuses DLL side-loading

India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users' Privacy First

The Indian President Droupadi Murmu on Friday granted assent to the Digital Personal Data Protection Bill (DPDPB) after it was unanimously passed by both houses of the parliament last week, marking a significant step towards securing people's information. "The Bill provides for the processing of digital personal data in a manner that recognizes both the rights of the individuals to protect their

Multiple Flaws in CyberPower and Dataprobe Products Put Data Centers at Risk

Multiple security vulnerabilities impacting CyberPower's PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe's iBoot Power Distribution Unit (PDU) could be potentially exploited to gain unauthenticated access to these systems and inflict catastrophic damage in target environments. The nine vulnerabilities, from CVE-2023-3259 through CVE-2023-3267, carry

Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping

Multiple security vulnerabilities have been disclosed in AudioCodes desk phones and Zoom's Zero Touch Provisioning (ZTP) that could be potentially exploited by a malicious attacker to conduct remote attacks. "An external attacker who leverages the vulnerabilities discovered in AudioCodes Ltd.'s desk phones and Zoom's Zero Touch Provisioning feature can gain full remote control of the devices,"

Lolek Bulletproof Hosting Servers Seized, 5 Key Operators Arrested

European and U.S. law enforcement agencies have announced the dismantling of a bulletproof hosting service provider called Lolek Hosted, which cybercriminals have used to launch cyber-attacks across the globe. "Five of its administrators were arrested, and all of its servers seized, rendering LolekHosted.net no longer available," Europol said in a statement. "The service facilitated the

New Python URL Parsing Flaw Could Enable Command Execution Attacks

A high-severity security flaw has been disclosed in the Python URL parsing function that could be exploited to bypass domain or protocol filtering methods implemented with a blocklist, ultimately resulting in arbitrary file reads and command execution. "urlparse has a parsing problem when the entire URL starts with blank characters," the CERT Coordination Center (CERT/CC) said in a Friday

Researchers Uncover Years-Long Cyber Espionage on Foreign Embassies in Belarus

A hitherto undocumented threat actor operating for nearly a decade and codenamed MoustachedBouncer has been attributed to cyber espionage attacks aimed at foreign embassies in Belarus. "Since 2020, MoustachedBouncer has most likely been able to perform adversary-in-the-middle (AitM) attacks at the ISP level, within Belarus, in order to compromise its targets," ESET security researcher Matthieu

Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116

Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116. "Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115," Devon O'Brien said in a post published Thursday. Kyber was chosen by the U.S. Department of Commerce's

Researchers Shed Light on APT31's Advanced Backdoors and Data Exfiltration Tactics

The Chinese threat actor known as APT31 (aka Bronze Vinewood, Judgement Panda, or Violet Typhoon) has been linked to a set of advanced backdoors that are capable of exfiltrating harvested sensitive information to Dropbox. The malware is part of a broader collection of more than 15 implants that have been put to use by the adversary in attacks targeting industrial organizations in Eastern Europe

New SystemBC Malware Variant Targets Southern African Power Company

An unknown threat actor has been linked to a cyber attack on a power generation company in southern Africa with a new variant of the SystemBC malware called DroxiDat as a precursor to a suspected ransomware attack. "The proxy-capable backdoor was deployed alongside Cobalt Strike Beacons in a south African nation's critical infrastructure," Kurt Baumgartner, principal security researcher at

16 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks

A set of 16 high-severity security flaws have been disclosed in the CODESYS V3 software development kit (SDK) that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology (OT) environments. The flaws, tracked from CVE-2022-47378 through CVE-2022-47393 and dubbed CoDe16, carry a CVSS score of 8.8 with the exception of CVE-2022-

CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched security flaw in Microsoft's .NET and Visual Studio products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-38180 (CVSS score: 7.5), the high-severity flaw relates to a case denial-of-service (DoS) impacting .NET and Visual Studio. It

New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks

Malicious actors are using a legitimate Rust-based injector called Freeze[.]rs to deploy a commodity malware called XWorm in victim environments. The novel attack chain, detected by Fortinet FortiGuard Labs on July 13, 2023, is initiated via a phishing email containing a booby-trapped PDF file. It has also been used to introduce Remcos RAT by means of a crypter called SYK Crypter, which was

New Statc Stealer Malware Emerges: Your Sensitive Data at Risk

A new information malware strain called Statc Stealer has been found infecting devices running Microsoft Windows to siphon sensitive personal and payment information. "Statc Stealer exhibits a broad range of stealing capabilities, making it a significant threat," Zscaler ThreatLabz researchers Shivam Sharma and Amandeep Kumar said in a technical report published this week. "It can steal

Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization

Attackers continue to target Microsoft identities to gain access to connected Microsoft applications and federated SaaS applications. Additionally, attackers continue to progress their attacks in these environments, not by exploiting vulnerabilities, but by abusing native Microsoft functionality to achieve their objective. The attacker group Nobelium, linked with the SolarWinds attacks, has been

Encryption Flaws in Popular Chinese Language App Put Users' Typed Data at Risk

A widely used Chinese language input app for Windows and Android has been found vulnerable to serious security flaws that could allow a malicious interloper to decipher the text typed by users. The findings from the University of Toronto's Citizen Lab, which carried out an analysis of the encryption mechanism used in Tencent's Sogou Input Method, an app that has over 455 million monthly active

Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives

Threat actors are increasingly using a phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking executives at prominent companies. According to Proofpoint, an ongoing hybrid campaign has leveraged the service to target thousands of Microsoft 365 user accounts, sending approximately 120,000 phishing emails to hundreds of organizations